General
- Target: FridayBoycrazy.exe
- Size: 279KB
- Sample: 240806-p592qazcmq
- MD5: 9b838a440786b24df80da0637dff3ba0
- SHA1: 23ccd406239bdd950639cdd2a4382c602fa55aeb
- SHA256: 6783ca1fa4ed35e2a48464fbe3c6e9c09c7165e6d3802c8cc395889e4726c389
- SHA512: ed8f0013bdd3cb09478bc07ad29827d556578168a6fffd1d0b23005e9fe29ba1364496bf3236e056fb8f623851165ee3945a8675b735527a2c7600599457639b
- SSDEEP: 6144:br9OIyJ7/+WZT1kRnSeXSX9MNzxiMwP2Oswd:fyJ7/+Wd1kRnFX4mNzxyeOswd
Behavioral task: behavioral1
- Sample: FridayBoycrazy.exe
- Resource: win11-20240802-en
Malware Config
Targets
- Chaos Ransomware
- Deletes shadow copies: Ransomware often targets backup files to inhibit system recovery.
- Modifies boot configuration data using bcdedit
- Drops startup file
- Executes dropped EXE
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry